From b5e7982ade668d18e07f51401d9af04d612c3be3 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 7 Oct 2009 15:51:55 +0100
Subject: [PATCH] check for bs->drv in bdrv_flush (Christoph Hellwig)

All the bdrv_ helpers should check for bs->drv being zero as that means
there is no backend image open.  bdrv_flush fails to perform that check
and can thus cause NULL pointer dereferences.

Found using qemu-io.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6943 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit dddf85563a18db9ae83d59ad567f4d77d39da821)
---
 block.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block.c b/block.c
index c3c44a95..3261225f 100644
--- a/block.c
+++ b/block.c
@@ -1071,6 +1071,8 @@ const char *bdrv_get_device_name(BlockDriverState *bs)
 int bdrv_flush(BlockDriverState *bs)
 {
     int ret = 0;
+    if (!bs->drv)
+        return -EINVAL;
     if (bs->drv->bdrv_flush)
         ret = bs->drv->bdrv_flush(bs);
     if (!ret && bs->backing_hd)
-- 
2.39.5